An Old Trojan in New Clothing


Computer security can trip up even enlightened end users. If you don't open email attachments, surf carefully, remember to keep your anti-virus software turned on and scan once a week, it still might not be enough. I know, because that's what I do – and I still caught something. Keep reading to learn from my experience.

It started with some casual web surfing Sunday night. Suddenly, my computer rebooted for no apparent reason. I didn't think much of it at the time, because it came right back up, and I wasn't – as far as I knew – surfing a potentially dangerous web site. But once the system came back to life, I tried to start surfing again – and that's when the trouble began.

Rather than taking me directly to my start page (Google), my browser displayed the following warning:

“Insecure Internet activity. Threat of virus attack. Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.

“Also, insecure Internet activity can result in revealing your personal information. To get full advanced real-time protection for PC and Internet activity, register your antivirus software.

“We recommend you to protect your PC now and continue safe Internet browsing.

“Click here to get full advanced real-time protection and continue browsing.

“Continue to this website unprotected (not recommended).”

You'll note there's a grammar error in the third-from-last sentence. It's also worth noting that I got this message in both IE and Firefox. By the time I determined that both browsers were affected, I started getting a pop-up box (which continued to show up every 15 minutes). It displayed the following message:

“Do you want to block this suspicious software? Name: Trojan.Zlob.G Risk Level: High Description: Trojan.Zlob.G is a trojan program that records keystrokes and takes screen shots of the computer, stealing personal and financial information.”

It even said that Microsoft Firewall had blocked the activity of the software, but could not remove it! Anyway, the alert featured three buttons: Keep Blocking, Unblock, and Enable Protection. The first two were greyed out, however, leaving only Enable Protection. Clicking that button, as it turned out, took me to the same web site I would have visited if I had clicked “Click here to get full advanced real-time protection and continue browsing” when the warning message came up in my browser.